dcsimg
Results 1 to 2 of 2

Thread: SHA512 hash result string length

  1. #1

    Thread Starter
    Member
    Join Date
    Apr 2017
    Posts
    38

    SHA512 hash result string length

    The code below is giving me a string for "HashedResult" which ends with a "=" or "= =". Searches inform me that this is padding. What do I need to do specifically to get a full string without the padding? I want to append this SHA512 string to a random salt string so that I can use for password purposes. Seems to me I am giving away some secrecy if it is obvious how much of the total string is the password hash by the "= =" in the middle of my string. I could do something to get rid of the last 2-3 characters - but is there something that I am supposed to do to avoid the need of the padding in the first place?

    Code:
    private void Btn_Login_Click(object sender, EventArgs e)
        {
               string userPassword = Txt_Password.Text;
               var hashedResult = Hash.HashThis(userPassword);
               MessageBox.Show(hashedResult);
        }
    
        class Hash
        {   
           public static string HashThis(string StrText)
           {
              {
                 var UTF8EncodedBytesOfStrText = System.Text.Encoding.UTF8.GetBytes(StrText);
                 using (var HASH = System.Security.Cryptography.SHA512.Create())
                 {
                    var hashedUTF8EncodedBytesOfStrText = HASH.ComputeHash(UTF8EncodedBytesOfStrText);
                    return System.Convert.ToBase64String(hashedUTF8EncodedBytesOfStrText);
                 }
              }
           }

  2. #2
    .NUT jmcilhinney's Avatar
    Join Date
    May 2005
    Location
    Sydney, Australia
    Posts
    103,720

    Re: SHA512 hash result string length

    You're trying to solve a problem that doesn't exist. Stop it. Hashes like this are used by millions of applications the world over. You're haven't discovered something that no one else has noticed. Some values produce a result that requires padding and some don't. To get only results that don't require padding, you'd have to significantly restrict the number of valid starting values. Firstly, how would you implement that? Secondly, how much easier do you think that that would make a hackers job?

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width